Click here to close this tab and return to the app.

Google Merchant Center problem with data feed file: "ftpchk3.txt"

Dec 20, 2014

About 30 of our customers notified us that they received this message from Google around 5-6pm EST on 12/19/2014.

Dear Google Merchant Center user,
 
On December 19, 2014 2:23:25 PM PST you uploaded to Google Merchant Center via FTP a file named "ftpchk3.txt", but you don't have a data feed registered with this name. Please verify that you provided the correct file name, including correct capitalization.
 
This is a computer-generated email. Please do not reply.
 
You can change your notification settings at https://www.google.com/merchants/basicsettings

This file is uploaded by a trojan virus that is looking for web hosting FTP accounts so it can spread itself. See here for more information. This file being uploaded does not affect your feed in any way.

We recommend that you reset your Google FTP password. Go to Google Merchant Center FTP Settings and reset the password. Copy the password and update it on the My Account > Manage Feed > Modify Feed Settings page on our website.

Our customers are telling us that their computers are clean. However, as a precaution, we recommend you install anti-virus software like AVG Antivirus 2015 Free Edition and scan your computer to ensure there is no malicious software on your computer.

We are investigating the source for this leak through our hosting company and through Google.

The hack appears to be opportunistic/general, where the virus seems to be looking for easy access to any FTP web hosting account so that it can spread itself. Your Google Merchant FTP account is not of much use to a hacker. Therefore, it should not be of great concern.

We only store the FTP login/passwords in our database, which is behind a firewall and constantly patched. Potential sources for the leak could be from our database, from your PC, from another data feed company that has your login/password, or via a man-in-the-middle attack because the Google FTP server is unencrypted. If you use the same login/password for other sites, there is a small possibility the leak could have originated from one of those.

We will keep you posted as we find out more.

More News